General
-
Target
aimware_external.exe
-
Size
123KB
-
Sample
240812-amzeyawejp
-
MD5
23ffb04800882198b4584e8be591f3e0
-
SHA1
6c8ebef9288c020c02a6e4d5e5b10e1f39cdc1fc
-
SHA256
8235ebf650f1d3e30e9df21b3c8c6b8c61c0fd92ad6d09045cea6a32bc2ff8f3
-
SHA512
2981f9b605718c95dce7c12ea9c992356b06153803b66475eb7ba9c57f96ea500e6fa6044470076921e308c054c89bb86864c297ec9c72a9dc9e7d6ebed9ea4a
-
SSDEEP
3072:T+B++iWDjf+q7SReNzLP+My7Aj5/KKh4AQUPK1s5:q+QDjfVN/GMy7AQKuEKG
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7367395810:AAHNbEmer1FLU3cUb3OwgNi1hwvSPiU8jWA/sendDocument
Targets
-
-
Target
aimware_external.exe
-
Size
123KB
-
MD5
23ffb04800882198b4584e8be591f3e0
-
SHA1
6c8ebef9288c020c02a6e4d5e5b10e1f39cdc1fc
-
SHA256
8235ebf650f1d3e30e9df21b3c8c6b8c61c0fd92ad6d09045cea6a32bc2ff8f3
-
SHA512
2981f9b605718c95dce7c12ea9c992356b06153803b66475eb7ba9c57f96ea500e6fa6044470076921e308c054c89bb86864c297ec9c72a9dc9e7d6ebed9ea4a
-
SSDEEP
3072:T+B++iWDjf+q7SReNzLP+My7Aj5/KKh4AQUPK1s5:q+QDjfVN/GMy7AQKuEKG
Score10/10-
Phemedrone
An information and wallet stealer written in C#.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-